News Archive
March 12th, 2010 - The OpenVAS Project applies for the Google Summer of Code 2010 Program
The OpenVAS Project sent in its application for the Google Summer of Code 2010 Program today.
A list of accepted organizations will be published on March 18th. An ideas page with basic information exists. Thanks for all the input so far!
December 18th, 2009 - Network Security Scanner OpenVAS 3.0.0 Released
On December 18th, 2009, the OpenVAS developer team released OpenVAS 3.0.0. The release introduces new features and a new architecture which forms the basis for turning the vulnerability scanner into a vulnerability management solution.
The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has become the Open Source Network Vulnerability Scanner. It is complemented with the largest open collection of vulnerability tests, the daily updated OpenVAS NVT Feed with over 15,500 Network Vulnerability Tests (NVTs).
Exactly 1 year after version 2.0.0 was released, the new 3.0 generation introduces:
- A new internal architecture of the modules
- NVT Meta Information that is free of arbitrary size limits
- IPv6 support
- WMI clients support
- Supports upcoming optional extensions:
- OpenVAS Manager for storing and organizing scans on a central server in a SQL database
- OpenVAS Administrator for User-, Feed- and Settings-Management
- Greenbone Security Assistent for a web-based Vulnerability Management
Compatibility:
The new OpenVAS Scanner remains compatible with the OpenVAS NVT Feed as well as
with the Greenbone Security Feed. Also, it is possible to use the new OpenVAS
Scanner with the OpenVAS-Client 2.0.
OpenVAS Client 3.0 can connect to both OpenVAS Scanner 3.0 and OpenVAS Server
2.0 concurrently, and even to OpenVAS Manager via the new OpenVAS Management
Protocol (OMP).
New Module Architecture:
OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes
openvas-libnasl as well as redundant code from openvas-client. The module
openvas-server has been renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this, the total
number of source code lines decreased, though new features were added. Also,
for running just the core scanner only 2 modules are required (instead of 4 as
is the case for OpenVAS 2.0).
Maintenance:
Version 3.0 will be maintained by the OpenVAS team for at least 2 years and the
maintenance of Version 2.0 will continue for at least one year. Version 1.0 is
being retired in January 2010.
Downloads:
All download links for OpenVAS 3.0.0 and additional information can be found on
the OpenVAS website. OpenVAS 3.0.0 has been released initially as a source code
package; binary packages for various distributions are expected to follow.
The OpenVAS team would like to thank everybody who has contributed to this release. We have worked hard to bring you a reliable network security scanner. If you have any questions or suggestions, please feel free to use the public mailing list and our online chat. Please use the OpenVAS bug tracker to report bugs.
The OpenVAS developers would like to wish all users a recreative holiday season and a happy new year.
August 10th, 2009 - The second OpenVAS Developer Conference and Workshop was a success
The second OpenVAS Developer Conference was held in Osnabrück from July 9th to July 12th. A workshop preceded it on July 8th.
With 16 participants from 4 continents we had lots of fruitful discussions, fun
and even did an important bug fix!
See details about the conference and workshop.
The minutes are also online now.
April 9th, 2009 - OpenVAS now beyond 10000 Network Vulnerability Tests
Passing the 10000th Network Vulnerability Test (NVT) is a perfect occasion to report about the progress of the OpenVAS project[1].
In October 2008 the systematic development of new NVTs started with a base of around 5800 Tests. With the release of OpenVAS 2.0 in December 2008, the development was boosted and has now reached an average of 10 code updates per day. The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability tests every day.
December 17th, 2008 - OpenVAS 2.0.0 released
On December 17th, 2008, the OpenVAS developer team released OpenVAS 2.0.0 which marks the start of the next generation of the Open Vulnerability Assessment System for network security scanning.
December 5th, 2008 - OpenVAS 2.0-rc1 released
The OpenVAS developers are happy to announce the release of the 2.0-rc1 versions of openvas-libraries, openvas-libnasl, openvas-server and openvas-client.
This release is the first release candidate for the upcoming 2.0 release of OpenVAS. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ .
This release marks another milestone towards the improvement of the OpenVAS infrastructure; it uses the finalized version of OTP, the new OpenVAS Transport Protocol which debuted in 2.0-beta1 and has now completely replaced the old Nessus Transport Protocol (NTP).
November 14th, 2008 - OpenVAS and backtrack
As OpenVAS is not in Backtrack 3 by default (yet!). You can download lzm module or download remastered backtrack3 which includes OpenVAS lzm (it still fits on 700 Mb CD). It's good way of testing OpenVAS in case you want to try it out.
October 30th, 2008 - 2008 OpenVAS Contest Winners Announced
With 5 nominees who contributed a large number of improvements to the OpenVAS framework and extended the Open Source Network Vulnerability Testing, the 2008 OpenVAS Contest was a great success.
The OpenVAS developers and the sponsors of the OpenVAS Contest would like to thank all developers for their great contributions. The developers have spent a considerable amount of time on their submissions and have helped OpenVAS to become even better. These contributions will be included in the upcoming OpenVAS 2.0 release which will help to make the task of network security scanning easier worldwide.
And the winners are ...October 15th, 2008 - OpenVAS 2.0 Begins Public Beta Phase
In late September 2008, the OpenVAS developer team released the 2.0-beta1
version of OpenVAS, the Open Vulnerability Assessment System for network
security scanning.
The intended audience for this beta release are experienced users interested
in upcoming features as well as developers of vulnerability checks.
The new version introduces first steps towards support for OVAL, the Open Vulnerability and Assessment Language.
OVAL is an international, information security, community standard to promote
open, standardized and publicly available security content.
The OpenVAS server can now execute OVAL files just like its own Network
Vulnerability Tests (NVTs) by using the OVAL definitions interpreter "ovaldi".
While the plain ovaldi tool can only check local systems where it is
installed, the combination with OpenVAS enables it to test any target system
for which OpenVAS has collected information. The beta1 release offers sample
support for Red Hat Enterprise Linux security announcements which are
provided as OVAL definitions.
Major internal changes include the cleaned and extended protocol for client-server communication (OTP) and the transition to the new OID-based scheme for unique IDs of vulnerability tests. The switch from the NTP inherited from Nessus to OTP was necessary due to security and design considerations.
The OpenVAS (NVTs) remain compatible with both the 1.0 and 2.0 series of OpenVAS. This also means that the free OpenVAS NVT feed service (which has recently extended to deliver the full range of NVTs, grown to over 5000 available NVTs) is also compatible for both release series. The switch from NTP to OTP does not affect NVTs already in existance. This means NVTs written in NASL continue to be fully supported by OpenVAS. There is no need to make changes to your old NASL scripts -- unless you want to use the new features.
The first release candidate of the new OpenVAS Compendium has been made available in PDF and HTML format for final reviews and as a base for translation into other languages (a translation to German is already in progress) as well.
The OpenVAS team is looking forward to feedback for the beta1 release. If you want to participate in the beta phase by sharing your experience with beta1 or if you have any questions, please feel free to use the public mailing lists or visit us in our IRC online chat.
August 13th, 2008 - OpenVAS Toolchain for Network Vulnerability Tests Established and Stable
OpenVAS Toolchain for Network Vulnerability Tests Established and Stable, Now Focussing on Tests Development and Documentation
In July 2008 the OpenVAS developer team finished the update cycle of the 1.0 release including all four server modules and the client.
The most work during this update cycle went into cleanups and support for RPM and Debian packagers. The number of necessary bug-fixes remained pleasingly low.
OpenVAS installation packages are readily available for various platforms: openSUSE, Fedora, Mandrake, FreeBSD and Gentoo. Packages for Debian and Ubuntu are in the works. Additionally, OpenVAS-Client is available for Microsoft Windows operating systems.
The OpenVAS developer team has started creating a comprehensive documentation for the whole toolchain; the next major challenge for the project is now to extend the range of the vulnerability tests for present and upcoming security issues, especially for those reported as CVEs, BIDs etc.
It is a fundamental goal of the OpenVAS project team to accompany the Free Software OpenVAS network security scanner licensed under GNU GPL with a feed of vulnerability tests being Open Source and readily available for everyone as well. Additional contributors are welcome to join the OpenVAS developer team.